Trusting Computing on Linux

In an era where everybody is connected to a potentially harmful Internet with an increasing number of complex and distributed applications, controlling what the computers do has become significantly harder. At the core, simple actions (executing software, e-commerce, etc.) rely on trust relationships; what if your computer (or the merchant's) has been compromised and alters your perception of reality? Indeed, at the beginning, Neo did not know there was a Matrix because he trusted everything he saw...

Closer to our world, and without being paranoid, one of the first actions intruders or rootkits take is to replace common commands with fake ones. Is it then possible to guarantee that we'll really execute the code we intended to? How far can you trust the computer of a given merchant not to reveal your credit card number? This is precisely what trusted computing is about: providing the means to know how much a given machine may be trusted.

Actually, the use of chips to enforce security within the lowest layers isn't new; it's existed for many years. However, their high price, difficult integration with commercial software, and high impact on systems' performances has restricted their use to the mainstream industry.

Several major industrials decided to join their efforts and design a compromise that would meet market needs. The idea was to build a trusted platform, including a new security chip, that would be easier to use and with more computational power, but perhaps a little less secure. They first gave birth to the TCPA (Trusted Computing Platform Alliance) in 1999, and then to its successor, TCG (Trusted Computing Group), in 2003.

Trusted Computing Group

The primary goal of the TCG is to provide the industry with vendor-neutral standard specifications for various platforms (PC, PDA, mobile phone, etc.). To do so, they describe a subsystem to integrate onto each platform and that provides protection to a user's computing environment, and information and keys to operating systems or applications. More precisely, TCG's proposed subsystem consists of a Trusted Platform Module (TPM) and the TPM Software Stack (TSS).

The TPM is a hardware chip. It provides low-level trusted computing functionalities such as protected storage (making sure encryption keys cannot be retrieved even if the platform is compromised), integrity metrics (detecting compromise), and platform attestation (prove to others that the platform has a given property).

CIO, CTO & Developer Resources

As for the TSS, it's organized as shown in Figure 1:

A TPM device driver, typically provided by the TPM manufacturer

An abstraction layer to TPM drivers, the TDDL, which makes it possible to develop upper components in the stack independent of the TPM chip

A core services layer (TCS) that groups all common services to the software stack, such as event management, key and credentials management, etc.

Various TSS Service Providers (TSP) that, for example, offer access to specific APIs such as PKCS#11

To illustrate the possible benefits of using trusted compu-ting, let's describe a simple case where a system administrator needs to secure an employee's laptop access to the corporate network. The employee accesses his or her company's network using a secret key and specific network access software (e.g., a VPN client). The problem is that the employee's laptop is obviously untrusted; it's carried everywhere and unfortunately is the ideal target for viruses or any other malware. If a laptop's corporate network access software and/or the secret key are compromised, this may seriously impact corporate security.

To avoid such a scenario, a possible solution relies on trusted computing. The administrator uses the TPM to seal the secret key with the BIOS, OS, and the network access software. This cryptographically binds the keys to a given software stack, so that only the TPM may unseal the key if and only if the software stack (BIOS, OS, network-access software) has not been compromised. This virtually establishes trust on an untrusted platform.

Linux Support for TCG

In practice, TPMs are already well established on the market, although perhaps not that widely yet. Several chip manufacturers propose TPM chips (e.g., Infineon's SLD 9630 TT or Atmel's AT97SC3201). Intel has developed TPM-integrated boards (D865GRH, D915GEV, and D915GUX desktop boards). TPMs are even sold on a specific desktop or laptop series (IBM ThinkCentre, HP Compaq DC7100, Toshiba Tecra M2, Fujitsu Lifebook S, etc.). The real difficulty in getting your hands on TCG arises later, within the TPM Software Stack. Indeed, mainstream Linux kernels do not natively recognize TPM chips, and solutions to use them are nearly nonexistent at the moment.

With Linux, we are presently only aware of NTRU's TSS and a few research projects listed in Table 1. Most of those are highly experimental, with only limited support of TPM chips and a selected subset of TCG functions. Clearly, this is currently only a developer's or an expert's world; there is no way an end user can benefit from TCG's functionalities without getting into the source code.

TCG and Linux

Actually, trusted computing's first exposure to the public has been quite controversial. Basically, people worried that this technology would scorn privacy or block software interoperability. Others even exposed startling side effects. The reality is probably somewhat more balanced, and we dare to compare trusted computing to a Swiss army knife: it can be extremely useful for getting out of (dangerous?) situations, but obviously it may be lethal.

It's beyond the scope of this article to tackle privacy and TCG issues in more detail, though we invite interested readers to refer to the resources section for further readings.

Whether we want it or not, trusted computing seems to be a part of the future for many commercial systems. Support for TCG is already part of the requirements for some industrial Linux systems. Market perspective looks extremely promising; indeed, there are still several research and development opportunities:

At the hardware level, by introducing new trusted hardware on the market (see for instance, Intel's trusted keyboard controller).

At the operating system level, with a new "trusted" OS making use of trusted hardware. This would probably consist of a kernel module but with a broader link to the OS.

At the application level, with numerous use cases for end-user "trusted" applications, but barely any implementation on Linux yet.

In the area of embedded systems - for example, mobile phones, PDAs, or other devices.

Conclusion

Currently, the best way to qualify TCG's penetration in the market is moderate: the TPM chips are already on the market, but their software stack is extremely limited and experimental. Yet, whatever your rationale is - for or against TCG technology - with the widespread propagation of viruses and other malware, and the ever-increasing security needs of the industry, trusted computing seems an extremely promising technology and TPM chips are very likely to be deployed more frequently on systems around us. It would then be extremely positive for the Linux community - and more generally the open source community - to get involved. Indeed, how much and how well TPMs are supported and integrated could become a selection criteria among operating systems in the future.

Makan Pourzandi received his doctoral degree on parallel computing in 1995 from the University of Lyon, France. He works for Ericsson Research Canada in the Open Systems Research Department. His research domains are security, cluster computing, and component-based methods for distributed programming. He has more than 7 publications in International conferences with reference committees. Makan has delivered several talks at universities, international conferences, and Open Source forums. He is involved in several Open Source projects: Distributed Security Infrastructure (disec.sourceforge.net), and a contributer to the security requirements of the Open Source Development Lab (OSDL) Carrier Grade Linux (CGL).

Axelle Apvrille currently works for Ericsson Research Canada in the Open Systems Research Department. Herresearch interests are cryptography, security protocols and distributedsecurity. She received her computer science engineering degree in 1996at ENSEIRB, Bordeaux, France.

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

In his session at @ThingsExpo, Greg Gorman is the Director, IoT Developer Ecosystem, Watson IoT, will provide a short tutorial on Node-RED, a Node.js-based programming tool for wiring together hardware devices, APIs and online services in new and interesting ways. It provides a browser-based editor that makes it easy to wire together flows using a wide range of nodes in the palette that can be deployed to its runtime in a single-click.
There is a large library of contributed nodes that help so...

SYS-CON Events announced today that Daiya Industry will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Daiya Industry specializes in orthotic support systems and assistive devices with pneumatic artificial muscles in order to contribute to an extended healthy life expectancy.
For more information, please visit https://www.daiyak...

What is the best strategy for selecting the right offshore company for your business?
In his session at 21st Cloud Expo, Alan Winters, U.S. Head of Business Development at MobiDev, will discuss the things to look for - positive and negative - in evaluating your options. He will also discuss how to maximize productivity with your offshore developers.
Before you start your search, clearly understand your business needs and how that impacts software choices.

SYS-CON Events announced today that SIGMA Corporation will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
uLaser flow inspection device from the Japanese top share to Global Standard! Then, make the best use of data to flip to next page. For more information, visit http://www.sigma-k.co.jp/en/.

SYS-CON Events announced today that Yuasa System will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Yuasa System is introducing a multi-purpose endurance testing system for flexible displays, OLED devices, flexible substrates, flat cables, and films in smartphones, wearables, automobiles, and healthcare.

SYS-CON Events announced today that Taica will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Taica manufacturers Alpha-GEL brand silicone components and materials, which maintain outstanding performance over a wide temperature range -40C to +200C. For more information, visit http://www.taica.co.jp/english/.

SYS-CON Events announced today that B2Cloud will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
B2Cloud specializes in IoT devices for preventive and predictive maintenance in any kind of equipment retrieving data like Energy consumption, working time, temperature, humidity, pressure, etc.

SYS-CON Events announced today that NetApp has been named “Bronze Sponsor” of SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
NetApp is the data authority for hybrid cloud. NetApp provides a full range of hybrid cloud data services that simplify management of applications and data across cloud and on-premises environments to accelerate digital transformation. Together with their partners, NetApp em...

SYS-CON Events announced today that Ryobi Systems will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Ryobi Systems Co., Ltd., as an information service company, specialized in business support for local governments and medical industry. We are challenging to achive the precision farming with AI. For more information, visit http:...

SYS-CON Events announced today that mruby Forum will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
mruby is the lightweight implementation of the Ruby language. We introduce mruby and the mruby IoT framework that enhances development productivity. For more information, visit http://forum.mruby.org/.

Smart cities have the potential to change our lives at so many levels for citizens: less pollution, reduced parking obstacles, better health, education and more energy savings. Real-time data streaming and the Internet of Things (IoT) possess the power to turn this vision into a reality. However, most organizations today are building their data infrastructure to focus solely on addressing immediate business needs vs. a platform capable of quickly adapting emerging technologies to address future ...

SYS-CON Events announced today that Enroute Lab will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Enroute Lab is an industrial design, research and development company of unmanned robotic vehicle system. For more information, please visit http://elab.co.jp/.

Real IoT production deployments running at scale are collecting sensor data from hundreds / thousands / millions of devices. The goal is to take business-critical actions on the real-time data and find insights from stored datasets.
In his session at @ThingsExpo, John Walicki, Watson IoT Developer Advocate at IBM Cloud, will provide a fast-paced developer journey that follows the IoT sensor data from generation, to edge gateway, to edge analytics, to encryption, to the IBM Bluemix cloud, to Wa...

SYS-CON Events announced today that Suzuki Inc. will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Suzuki Inc. is a semiconductor-related business, including sales of consuming parts, parts repair, and maintenance for semiconductor manufacturing machines, etc. It is also a health care business providing experimental research for...

Mobile device usage has increased exponentially during the past several years, as consumers rely on handhelds for everything from news and weather to banking and purchases. What can we expect in the next few years? The way in which we interact with our devices will fundamentally change, as businesses leverage Artificial Intelligence. We already see this taking shape as businesses leverage AI for cost savings and customer responsiveness. This trend will continue, as AI is used for more sophistica...

SYS-CON Events announced today that Massive Networks, that helps your business operate seamlessly with fast, reliable, and secure internet and network solutions, has been named "Exhibitor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. As a premier telecommunications provider, Massive Networks is headquartered out of Louisville, Colorado. With years of experience under their belt, their team of...

Okay, so my vacations don’t necessary seem like other folks’ vacations. Yes, we relax. Yes, we spend too much money. Yes, we eat too much food. But for some reason, unusual learning opportunities pop up during our vacations, and this year’s vacation was no different. This year’s vacation theme was… logistics.
Our logistics foray started by watching the artsy-fartsy movie “The Lunchbox.” I hate artsy-fartsy movies, but my wife insists on watching them on vacation. The movie was excellent. However, I was totally mesmerized by the lunchbox delivery system that was a featured part of the movie. T...

Our cities have been connected since the dawn of urbanization in the Indus Valley and on the plains of Mesopotamia nearly ten millennia ago. Cities exist to gather and connect people, bringing us together into communities and joint ventures that need complex networks of communication. But in recent years the connected city has come to mean something more. Today and in the future, the connected city will not just be about people connecting with people, but people with machines, people with people via machines, and perhaps most importantly, machines with machines.

These days, APIs have become an integral part of the digital transformation journey for all enterprises. Every digital innovation story is connected to APIs . But have you ever pondered over to know what are the source of these APIs? Let me explain - APIs sources can be varied, internal or external, solving different purposes, but mostly categorized into the following two categories. Data lakes is a term used to represent disconnected but relevant data that are used by various business units within an enterprise. APIs are created as the easy access points for these siloed data lakes.

Every time there’s a notable cybersecurity breach, someone (even me) writes a comprehensive primer on the proper way to create “secure” passwords. Lather, rinse, repeat. Until a few years ago, everyone (including me) based their password advice on a 2003 paper from the National Institute of Standards and Technology (NIST), with the catchy title “NIST Special Publication 800-63.” The paper recommended that passwords be cryptic, contain special characters, and be as close to nonsense as possible.

“Self-driving cars are the future of ride-sharing,” proclaimed an industry expert who shall remain nameless. The comment struck me as ridiculous. From my point of view, Uber (and all car services) already provide self-driving cars. You don’t drive the car; the driver does. Do you really care whether the car is controlled by a human/machine partnership or it’s an autonomous mechanical device? Other than to acknowledge that you are the person the car is supposed to pick up, you don’t need to speak to the human driver any more than you would need to speak to the natural language–understanding alg...

It takes years – sometimes a lifetime – to perfect certain skills in life: hitting a jump shot off the dribble, nailing that double high C on the trumpet, parallel parking a Ford Expedition. Malcolm Gladwell wrote a book, “Outliers,” discussing the amount of work – 10,000 hours – required to perfect a skill (while the exactness of 10,000 hours has come under debate, it is still a useful point that people need to invest considerable time and effort to master a skill). But once we get comfortable with something that we feel that we have mastered, we become reluctant to change. We are reluctant t...

Agile has finally jumped the technology shark, expanding outside the software world. Enterprises are now increasingly adopting Agile practices across their organizations in order to successfully navigate the disruptive waters that threaten to drown them. In our quest for establishing change as a core competency in our organizations, this business-centric notion of Agile is an essential component of Agile Digital Transformation.
In the years since the publication of the Agile Manifesto, the connection between building better software and business agility has been a tenuous one at best. But now...

Internet of @ThingsExpo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world.
The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago.
All major researchers estimate there will be tens of billions devices - computers, smartphones, tablets, and sensors - connected to the Internet by 2020. This number w...

I’ve always felt that bringing an economics perspective to our big data and digital transformation discussions is more important than a traditional accounting or even information technology (IT) perspective. Heck, I believe that a Chief Data Officer’s background should be more along the lines of economics than IT. Economics brings a forward-looking perspective on creating value (wealth). In fact, economics is defined as “the branch of knowledge concerned with the production, consumption, and transfer (capture) of wealth.”

SYS-CON Events announced today that DXWorldExpo has been named “Global Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Digital Transformation is the key issue driving the global enterprise IT business. Digital Transformation is most prominent among Global 2000 enterprises and government institutions.

Floyd “Money” Mayweather made headlines last weekend for making light work of Mixed Martial Arts superstar Conor McGregor. But he also made tech headlines recently by endorsing the Hubii Network, an initial coin offering (ICO), on his Instagram and Twitter accounts.
This isn’t the first time Mayweather (who’s dubbed himself Floyd “Crypto” Mayweather) has endorsed an ICO. In late July, he promoted the ICO for the Stox project, which went on to raise more than $30 million in its token sale. (BTW: There are subtle differences between an ICO, a token sale, and a crowdsale, although the terms are ...

With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend 21st Cloud Expo October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.

In recent years AI has grown significantly and become a substantial area of business investment. What has changed, and how does this affect you?
For a long time, artificial intelligence was pure science fiction, relegated to books, television and movies—and you don’t need us to tell you that we are well past that point today. In the last few years we have seen extremely rapid advancement in a series of technologies that have come together to unlock a wave of AI investment. According to Accenture, 85% of executives plan to invest extensively in AI in the next three years, and in the same tim...

With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend 21st Cloud Expo October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.

No hype cycles or predictions of a gazillion things here. IoT is here. You get it. You know your business and have great ideas for a business transformation strategy. What comes next? Time to make it happen. In his session at @ThingsExpo, Jay Mason, an Associate Partner of Analytics, IoT & Cybersecurity at M&S Consulting, will present a step-by-step plan to develop your technology implementation strategy. He will discuss the evaluation of communication standards and IoT messaging protocols, data analytics considerations, edge-to-cloud technical architecture, IoT platform selection, end-to-end...

My discussions with organizations looking to “digitally transform” themselves is yielding some interesting observations. I expect that when these discussions move into the execution phase, we will start to create some “Laws of Digital Transformation” that will guide organizations digital transformation journey. So with that in mind, let me start by proposing these “4 Laws of Digital Transformation.”

Today’s businesses run in the virtual world. From virtual machines to chatbots to Bitcoin, physical has become last century’s modus operandi. Dealing with this type of change in business even has its own buzzword – Digital Transformation. From an information technology operations point of view, this has been manifested by organizations increasingly placing applications, virtual servers, storage platforms, networks, managed services and other assets in multiple cloud environments. Managing these virtual assets can be much more challenging than it was with traditional physical assets in your ...

On October 2016, Dyn, a Domain Name Server (DNS) company was the target of a massive coordinated distributed denial of service (DDoS) attack leaving the world not able to connect to popular websites such as Twitter, Amazon.com, BBC, Reddit, Spotify, and more. DDoS attacks occur when multiple resources flood the bandwidth and/or resources of a targeted system which in turn overloads it, preventing it from fulfilling legitimate requests. This attack was carried out by installing malware on Internet of Things (IoT) enabled devices including baby monitors and cameras. Although IoT is touted as a p...

SYS-CON Events announced today that JETRO will showcase Japan Digital Transformation Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. The Japan External Trade Organization (JETRO) is a non-profit organization that provides business support services to companies expanding to Japan. With the support of JETRO's dedicated staff, clients can incorporate their business; receive visa, immigration, and HR support; find dedicated office space; identify local government subsidies; get tailored ma...

Cloud computing budgets worldwide are reaching into the hundreds of billions of dollars, and no organization can survive long without some sort of cloud migration strategy. Each month brings new announcements, use cases, and success stories.